Docker is a remote first company with employees across Europe, APAC and the Americas that simplifies the lives of developers who are making world-changing apps. We raised our Series C funding in March 2022 for $105M at a $2.1B valuation. We continued to see exponential revenue growth last year. Join us for a whale of a ride!

The Security Architect will report to the Director, Security, Risk & Trust and help Docker enable the growth of Docker’s products with a security-first mindset.

The Security Engineering team enables the secure design and engineering of Docker’s products and secures Docker’s systems and tools with the goal of exceeding security standards, compliance, and audit requirements with velocity and automation in mind. We are an enabling team of Security Engineers, not analysts. As a member of this team, you will work closely with all Docker’s engineering teams in helping determine the overall security strategy for Docker products.

Responsibilities:

• Develop and and integrate cybersecurity designs for systems and networks with security requirements

• Conduct proofs of concept and implement security solutions

• Develop cybersecurity architecture guidelines and ensure systems that are acquired or developed are consistent with those designs

• Perform security reviews, identify gaps in security architecture and develop a security risk management plan

• Perform threat modeling with teams to ensure architecture is developed securely

• Represent security in enterprise-level policy creation and governance around cloud security (AWS, GCP, Azure, etc.)

• Coordinate penetration testing and mitigation/remediation discussions for customer-facing SaaS software products

• Collaborate with engineering teams to access and explain risks, threat, exploits to make risk-informed security decisions

• Run Docker’s security champion program

• Mentor security engineers and champions on cloud security best practices and to advocate for security requirements in their respective engineering teams

Requirements:

• 7+ years of experience in designing and implementing secure cloud architecture

• 10+ years of experience in software development

• Strong knowledge of cloud service models and cloud security best practices

• Experience with AWS and GCP

• Experience with data protection, cryptography, and key management

• Expertise in implementing and overseeing Secure Software Development Lifecycle (SSDLC) practices across an organization

• Software experience with Go, Reactj, and Python

• Experience with API security

• Experience with Auth/Authz

• Familiarity with security and compliance frameworks such as NITS, CIS, ISO 27001, SOC 2, GDPR, etc.

Preferred:

• Cloud security certifications such as AWS Certified Security Specialist, Azure Security Engineer, Certified Cloud Security Professional (CSSP), Certified Kubernetes Security Specialist (CKS)

• Azure experience is a plus

• Clojure experience is a plus

What to expect in the first 30 days

• Develop understanding of Docker’s architecture and infrastructure

• Perform analysis and threat-modeling of Docker’s current security architecture in AWS

• Perform architecture threat-modeling for new products in development and advise engineering teams on best practices

• Develop an understanding of Docker’s security environment and risk register

• Understand Docker’s current roadmap and existing development activities

What to expect in the first 90 days

• Perform analysis and threat-modeling of Docker’s current security architecture in GCP and Azure

• Review critical and high risk APIs

• Perform architecture threat-modeling for new products in development and advise engineering teams on best practices

• Participate in security champions program

What to expect in the first year

• Further Docker’s initiative of security first throughout engineering

• Update and maintain cloud architecture security baselines for the organization

• Develop and lead cloud architecture training for security champions program

• Participate in developing the overall security strategy for the organization

Perks:

• Freedom & flexibility; fit your work around your life

• Home office setup; we want you comfortable while you work

• 16 weeks of paid Parental leave

• Technology stipend equivalent to $100 net/month

• PTO plan that encourages you to take time to do the things you enjoy

• Quarterly, company-wide hackathons

• Training stipend for conferences, courses and classes

• Equity; we are a growing start-up and want all employees to have a share in the success of the company

• Docker Swag

• Medical benefits, retirement and holidays vary by country

Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.

Due to the remote nature of this role, we are unable to provide visa sponsorship.

#LI-REMOTE